pridan zaklad frameworku pro "assistants" (lempldesk pruvodce)

diff --git a/assistants/new-item.inc.php b/assistants/new-item.inc.php
new file mode 100644 (file)
index 0000000..bd0aedb
--- /dev/null
+++ b/assistants/new-item.inc.php
@@ -0,0 +1,3 @@
+<?php
+echo $this->render_form_add('model');
+echo $this->render_form_add('item');

diff --git a/index.php b/index.php
index 493c92bc6b42cf1c3b4d7541f88b72337c088631..b2474e362a2d44c483e4932e548aab571bf498a1 100755 (executable)
--- a/index.php
+++ b/index.php
@@ -440,6 +440,17 @@ class Sklad_UI {
                die();
        }
 
+       function safe_include($dir,$name,$ext='.inc.php') {
+               if(preg_match('/[^a-zA-Z0-9-]/',$name)) die(trigger_error('SAFE INCLUDE: Securityfuck.'));
+               $filename="$dir/$name$ext";
+               if(!is_file($filename)) die(trigger_error('SAFE INCLUDE: Fuckfound.'));
+               ob_start();
+               include($filename);
+               $out=ob_get_contents();
+               ob_end_clean();
+               return $out;
+       }
+
        function process_http_request_post($action=false, $class=false, $id=false) {
                if($_SERVER['REQUEST_METHOD'] != 'POST') return;
                echo('<pre>'); //DEBUG (maybe todo remove)
@@ -508,6 +519,9 @@ class Sklad_UI {
                        case 'test':    //test
                                die('Tell me why you cry');
                                break;
+                       case 'assistant': //assistant
+                               echo $this->safe_include(DIR_ASSISTANTS,$PATH_CHUNKS[2]);
+                               break;
                        default:        //?
                                $search = (isset($_GET['q']) && trim($_GET['q']) != '') ? trim($_GET['q']) : false;
                                $class  = (isset($PATH_CHUNKS[1]) && $PATH_CHUNKS[1] != '') ? $PATH_CHUNKS[1] : 'item';